China's hacker army foreign policy (1)


The myth of a monolithic Chinese cyberwar is starting to be dismantled. A look inside the teeming, chaotic world that exists instead -- and that may be far more dangerous.

BY MARA HVISTENDAHL | MARCH 3, 2010

A flier for a prominent Chinese hacker's presentation on the how-tos and wherefores of hacking, drawing on sources as diverse as Shakespeare, the Diamond Sutra, and … Google.

The autobiography of hacker SharpWinner opens on a bunch of young men in a high-rise apartment thick with cigarette smoke, in an unnamed city somewhere in China. Hacking is hard work, and this particular group, one of hundreds spread across the country, has been at it for hours. But the alpha male of the group, a "handsome and bright youth" -- throughout The Turbulent Times of the Red Hackers, SharpWinner refers to himself in the third person -- is unflappable. After he completes a backdoor intrusion into a Japanese website, he takes a break to field text messages from female admirers.

It would be easy to dismiss SharpWinner, who has promoted his book on national television, claiming he has a movie deal in the works, as an attention-hungry stuntman. And in fact, the news that Google and dozens of other companies had been hit by a mammoth attack originating in China this past winter evoked the strong arm of the Chinese government -- not SharpWinner's amorphous world of hacker bandits. The Internet giant said the decision to go public with information on Operation Aurora, as the hack has been dubbed, "goes to the heart of a much bigger global debate about freedom of speech." The Chinese government's spying on the email accounts of human rights activists, Google intimated, was behind its threat to pull out of China. (It has yet to make good on that claim.)

But a report released Tuesday by Atlanta security firm Damballa says the Aurora attack looks like work of amateurs working with unsophisticated tools. That revelation, along with a separate story in the Financial Times that a freelancer wrote the Aurora code, is focusing attention on China's loose web of cowboy hackers. And SharpWinner -- the leader of a coalition including anywhere from 50,000 to 100,000 civilian members and, before he disappeared from public view in 2007, a regular participant in international cyberconflicts, including the 2001 hacker war stretching from China to the White House -- is just the beginning.

The Aurora attacks represented an attempt by hackers apparently based in China to steal valuable information from leading U.S. companies. (So far the list of victims includes Adobe Systems and Dow Chemical, in addition to Google.* Over the weekend, a security researcher told Computerworld that Aurora might have penetrated more than 100 firms.) Investigators are still trying to understand where Aurora came from and what it means, but already some surprising clues have emerged. The Financial Times story followed on the heels of a New York Times story reporting that researchers have traced the attacks back to two Chinese universities, one of which has long been a training ground for freelance or "patriotic" hackers. Among the implications of these reports: The U.S. understanding of Chinese hacking is seriously out of date.

Western media accounts typically overlook freelancers in favor of bluster about the Chinese government. Some pair breathy accounts of cyberwar with images dredged up from 1960s People's Liberation Army propaganda, as if to suggest China has some centrally administered cyberbureau housing an army of professional hackers. Others make improbable or unsubstantiated allegations. Two years ago, a National Journal cover story claimed Chinese hackers were responsible for the 2003 blackout that crippled much of the U.S. Northeast, an event repeated investigations have attributed to domestic negligence.

In fact, the hacking scene in China probably looks more like a few intelligence officers overseeing a jumble of talented -- and sometimes unruly -- patriotic hackers. Since the 1990s, China has had an intelligence program targeting foreign technology, says James A. Lewis, senior fellow for cybersecurity and Internet policy at the Center for Strategic and International Studies. Beyond that, however, things get complicated. "The hacking scene can be chaotic," he says. "There are many actors, some directed by the government and others tolerated by it. These actors can include civilian agencies, companies, and individuals."

To anyone who speaks Chinese, that chaos is obvious. Google the characters for heike -- a transliteration of "hacker" that means, literally, "black guest" -- and you'll come up with pages and pages of results. Sites such as www.chinahacker.com, www.cnhacker.com, and www.hackbase.com contain step-by-step instructions, advertisements for how-to seminars -- become a hacker in a few short weeks! -- and screen shots of foreign casualties. And yet they are clearly not the work of the central government. Read on (or don't -- the sites are packed with malware and users visit at their own peril) and you'll find threads roiling with bitter infighting, foul-mouthed forum posts, and photos of scantily clad women.

"There are literally hundreds of these sites," says Scott J. Henderson, an intelligence contractor and former U.S. Army linguist who has written a book on Chinese hackers. "They all have different agendas and different personnel. It's not as well-coordinated as everyone sitting down in a room and someone saying, 'You, go write this code. You, go write that.'"

Instead, China's hackers spring up organically. Mix together widespread youth nationalism with a highly wired population -- China now boasts the most Internet users in the world, with 384 million people online -- and out comes patriotic hacking. The self-described "red hackers" are the product of "the fact that we live in a time when our country is moving toward prosperity," SharpWinner once said, quite accurately. Prosperity also ensures a market for abundant hacker memorabilia: hacker magazines, hacker T-shirts, and tell-all books like his. While traveling through rural China once, I stumbled across bins in a village store filled with Hacker brand candy. (It tastes like saltwater taffy.)

Every August, top hackers convene in Beijing for a conference ostensibly about information security but described by one participant as including seminars on common attack techniques. China's hackerati range from flamboyant prima donnas like SharpWinner to Sunwear, a slight, pixie-ish twentysomething who marks his website defacements with the innocuous tag line "just for fun!", to Xiao Tian, the unattainable femme fatale leader of China Girl Security Team. Many of their causes neatly overlap with the interests of the Chinese government. Take one of the events that drove the development of hacker culture in China: the 1999 NATO bombing of the Chinese Embassy in Belgrade. In retaliation, hackers plastered the website of the U.S. Embassy in Beijing with the phrase "Down with the Barbarians!" Or the targeting of email accounts of the Save Darfur Coalition, which opposes Chinese involvement in Sudan, in 2008. Or GhostNet, the cyberspying operation originating in China that was revealed last year to have infected 1,295 computers in 103 countries -- including the Dalai Lama's network in Dharamsala, India. The University of Toronto researchers who uncovered the attack have not yet pinpointed its architects, but in a report on the attack, they noted the operation could easily be the work of patriotic hackers using "do-it-yourself signals intelligence."

But the fact that these hackers' interests overlap with Chinese policy does not mean they are working on behalf of Beijing, and indeed many of their activities suggest no government interference at all. "Governments are not taking over botnets of compromised computers to conduct denial-of-service attacks," says Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. It helps, however, that Beijing turns a blind eye to their attacks. An unwritten rule holds that freelance hackers are left alone as long as they target foreign sites and companies. Once they go after information inside China, the government cracks down. For a hacker interested in self-preservation, the choice is clear.

Another part of the bargain appears to be remaining open to government requests. If the Financial Times report is correct, Operation Aurora was executed with code developed by a thirtysomething freelance Web security consultant working independently, without government prodding. According to the paper's informant, described as a U.S. government researcher, the hacker simply posted a chunk of the code on a hacking forum, where it found its way into Chinese government hands. "He would rather not have uniformed guys looking over his shoulder, but there is no way anyone of his skill level can get away from that kind of thing," the researcher was quoted as saying.

The rest of the story should become clearer in coming months. But another report traces the attacks to servers at Shanghai Jiao Tong University's School of Information Security Engineering, one of China's top computer science schools and a hotbed for freelance hackers. For years, students there have freely organized hacker groups and traded war stories in forums hosted on the school website. In 2007, Shanghai Jiaotong graduate student and veteran hacker Peng Yinan hosted an information session titled "Hacker in a Nutshell" in a school conference room. The PowerPoint slides he worked off -- which until recently could be downloaded from his group's website, now down -- glorify hacker culture and explain successful techniques that can be tried at home, pointing out that Chicago Tribune reporters once uncovered contact information for thousands of CIA agents using a basic online service. A flier advertising the event described Peng as a consultant for the Shanghai Public Security Bureau.

Another student whose screen name appears on Peng's hacks -- but who told me he wasn't involved -- went on to work for Google.

Could Operation Aurora have been written by a freelancer, picked up by a bureaucrat, and then reassigned to a freelancer with ties to Google? It is a possibility worth entertaining, at least. Some have argued that the Chinese government should have more effective means for securing intelligence than students and online misfits. But others say a decentralized approach suits Beijing just fine. "You can see the benefits of having a blurry line," says Lewis. "The Russians do it all the time with Estonia: 'Of course it wasn't us. Can you prove it was us?'"

Ultimately, a loose connection between Beijing intelligence operatives and patriotic hackers is more troubling than a strong one. Governments operate under constraints. Gangs of young men -- as the United States has learned the hard way -- don't. "Certainly if it's government-sponsored cyberwarfare, I have someone I can deter," says Henderson. "If it's mutually assured online destruction -- OK, I can at least develop a theory on that. But with rogue Internet actors it's very difficult. They're potentially very dangerous."

The thought would flatter SharpWinner. In his TV appearance, he confided his concerns about hacking culture in China. He had witnessed the disintegration of some prominent hacker groups, and he fretted that most patriots simply get on board whenever some international incident flares up and lay off hacking foreign companies once things cool down. But with a little effort these challenges can be overcome, he concluded, saying that he is encouraged by a recent resurgence of interest in hacking. Then he addressed listeners directly. "Brothers," he intoned, "go with me! The future of red hacking is bright!"

*The original version of this article cited reports that RAND Corporation had been hit by Aurora. A RAND spokesman wrote in to say "RAND has not been hit -- we have no evidence of attacks or having been targeted by Aurora."

LIU JIN/AFP/Getty Images

Mara Hvistendahl's writing has appeared in Harper's, The New Republic, and Science. She is writing a book on Asia's gender imbalance, due out in 2011 from Public Affairs.

FOREIGN POLICY IS PUBLISHED BY THE FP GROUP, A DIVISION OF THE WASHINGTON POST COMPANY. ALL CONTENTS ©2012 THE FOREIGN POLICY GROUP, LLC. ALL RIGHTS RESERVED.
